GELF_TCP

Post a question
1
response

Help with GELF_TCP fields

Need some help, I want the fields "$srcip, $srcport, $dstip, $dstport" to be put together in another field, called "$netinfo", how do I do it ??

My logs

#fields    ts    uid    id.orig_h    id.orig_p    id.resp_h    id.resp_p    proto    trans_id    query    qclass    qclass_name    qtype    qtype_name    rcode    rcode_name    AA    TC    RD    RA    Z    answers    TTLs    rejected
AskedSeptember 2, 2017 - 6:49pm